Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Jan. 24, 2025, 4:02 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
961	5.4	警告 Network	Themeisle	Orbit Fox	ThemeIsle の WordPress 用 Orbit Fox におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2024-13183	2025-01-17 12:08	2025-01-10	Show	GitHub Exploit DB Packet Storm

962	4.3	警告 Network	Progress Software Corporation	MOVEit Transfer	Progress Software Corporation の MOVEit Transfer における脆弱性	CWE-778 CWE-Other	CVE-2024-2291	2025-01-17 12:08	2024-03-20	Show	GitHub Exploit DB Packet Storm

963	4.8	警告 Network	MantisBT Group	MantisBT	MantisBT Group の MantisBT におけるクロスサイトスクリプティングの脆弱性	CWE-79 CWE-79	CVE-2024-34081	2025-01-17 12:08	2024-05-14	Show	GitHub Exploit DB Packet Storm

964	8.8	重要 Network	oretnom23	Laundry Shop Management System	Oretnom23 の Laundry Shop Management System における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2024-3466	2025-01-17 12:08	2024-04-8	Show	GitHub Exploit DB Packet Storm

965	4.3	警告 Network	Brizy	brizy	Brizy の WordPress 用 brizy における認証の欠如に関する脆弱性	CWE-862 認証の欠如	CVE-2024-3711	2025-01-17 12:02	2024-05-23	Show	GitHub Exploit DB Packet Storm

966	9.8	緊急 Network	Apache Software Foundation	Apache Xerces-C++	Apache Software Foundation の Apache Xerces-C++ における解放済みメモリの使用に関する脆弱性	CWE-416 解放済みメモリの使用	CVE-2024-23807	2025-01-17 12:02	2024-02-29	Show	GitHub Exploit DB Packet Storm

967	5.3	警告 Network	MantisBT Group	MantisBT	MantisBT Group の MantisBT における脆弱性	CWE-200 CWE-noinfo	CVE-2024-34080	2025-01-17 12:02	2024-05-14	Show	GitHub Exploit DB Packet Storm

968	8.8	重要 Network	Brizy	brizy	Brizy の WordPress 用 brizy における危険なタイプのファイルの無制限アップロードに関する脆弱性	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2024-1311	2025-01-17 11:58	2024-03-13	Show	GitHub Exploit DB Packet Storm

969	5.3	警告 Network	zestard	admin side data storage for contact form 7	zestard の WordPress 用 admin side data storage for contact form 7 における認証の欠如に関する脆弱性	CWE-862 認証の欠如	CVE-2024-1779	2025-01-17 11:58	2024-02-23	Show	GitHub Exploit DB Packet Storm

970	8.8	重要 Network	Progress Software Corporation	telerik report server	Progress Software Corporation の telerik report server における信頼できないデータのデシリアライゼーションに関する脆弱性	CWE-502 CWE-502	CVE-2024-1800	2025-01-17 11:58	2024-03-20	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:Jan. 24, 2025, 4:45 a.m.

No	CVSS	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
21	-	-	-	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in heart5 StatPressCN allows Reflected XSS. This issue affects StatPressCN: from n/a through 1.9.1. New	CWE-79 Cross-site Scripting	CVE-2025-23544	2025-01-24 01:15	2025-01-24	Show	GitHub Exploit DB Packet Storm

22	-	-	-	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in edmon Download, Downloads allows Reflected XSS. This issue affects Download, Downloads : from n/… New	CWE-79 Cross-site Scripting	CVE-2025-23541	2025-01-24 01:15	2025-01-24	Show	GitHub Exploit DB Packet Storm

23	-	-	-	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mohsin khan WP Front-end login and register allows Reflected XSS. This issue affects WP Front-end… New	CWE-79 Cross-site Scripting	CVE-2025-23540	2025-01-24 01:15	2025-01-24	Show	GitHub Exploit DB Packet Storm

24	-	-	-	Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Media Library Mime Type allows Stored XSS. This issue affects Rocket Media Library Mime Type: from n/a through 2.1.0. New	CWE-352 Origin Validation Error	CVE-2025-22768	2025-01-24 01:15	2025-01-24	Show	GitHub Exploit DB Packet Storm

25	-	-	-	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tarak Patel WP Query Creator allows Reflected XSS. This issue affects WP Query Creator: from n/a … New	CWE-79 Cross-site Scripting	CVE-2025-22264	2025-01-24 01:15	2025-01-24	Show	GitHub Exploit DB Packet Storm

26	-	-	-	It has been found that the Beta10 software does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authenticatio… New	CWE-287 Improper Authentication	CVE-2025-0637	2025-01-24 01:15	2025-01-24	Show	GitHub Exploit DB Packet Storm

27	-	-	-	SQL Injection vulnerability in the default configuration of the Logitime WebClock application <= 5.43.0 allows an unauthenticated user to run arbitrary code on the backend database server. New	-	CVE-2024-55971	2025-01-24 01:15	2025-01-24	Show	GitHub Exploit DB Packet Storm

28	-	-	-	ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection. New	-	CVE-2024-52325	2025-01-24 01:15	2025-01-24	Show	GitHub Exploit DB Packet Storm

29	-	-	-	The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles whil… New	-	CVE-2024-10846	2025-01-24 01:15	2025-01-24	Show	GitHub Exploit DB Packet Storm

30	-	-	-	A missing permission check in Jenkins Azure Service Fabric Plugin 1.6 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of Azure credentials stored in Jenkins. New	-	CVE-2025-24403	2025-01-24 01:15	2025-01-23	Show	GitHub Exploit DB Packet Storm